Metasploit
Metasploit Weekly Wrap-Up 11/01/2024
Pool Party Windows Process Injection
This Metasploit Framework release includes a new injection technique deployed in
core Meterpreter functionality such as process migration and DLL injection.
Research into a new injection technique known as PoolParty
[https://www.safebreach.com/blog/process-injection-using-windows-thread-pools/]
highlighted new ways to gain code execution in a remote process by abusing the
thread-pool management features included in the Windows kernel since Windows
Vista.
Metasploit Weekly Wrap-Up 08/23/2024
New module content (3)
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 [https://github.com/rapid7/metasploit-framework/pull/19373]
contributed by h4x-x0r [https://github.com/h4x-x0r]
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276
[https://attackerkb.com/search?q=CVE-2024-5276&referrer=blog]
Description: This adds an auxiliary module to exploit CVE-2024-5276, a SQL
inj
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5)
Telerik Report Server Auth Bypass
Authors: SinSinology and Spencer McIntyre
Type: Auxiliary
Pull request: #19242 [https://github.com/rapid7/metasploit-framework/pull/19242]
contributed by zeroSteiner [https://github.com/zeroSteiner]
Path: scanner/http/telerik_report_server_auth_bypass
AttackerKB reference: CVE-2024-4358
[https://attackerkb.com/search?q=CVE-2024-4358?referrer=blog]
Description: This adds an exploit for CVE-2024-4358 which is an authentication
bypass in Te
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS
Metasploit added capabilities
[https://docs.metasploit.com/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html]
for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4
technique in particular has been supported for some time now thanks to the
ad_cs_cert_templates module which enables users to read and write certificate
template objects. This facilitates the exploitation of ESC4 which is a
misconfiguration in
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter
Direct system calls are a well-known technique that is often used to bypass
EDR/AV detection. This technique is particularly useful against dynamic
analysis, where the security software monitors every process on the system to
detect suspicious activity. One common way to do so is to add user-land hooks
on Win32 API calls, especially those commonly used by malware. Direct syscalls
are a way to invoke system calls directly and enter the kernel
Metasploit Wrap-Up
This week’s Metasploit release contains 2 new modules released as part of the Rapid7 F5 BIG-IP and iControl REST Vulnerabilities research article.
Metasploit Weekly Wrap-Up: Sep. 29, 2023
TeamCity authentication bypass and remote code execution
This week’s Metasploit release includes a new module for a critical
authentication bypass in JetBrains TeamCity CI/CD Server. All versions of
TeamCity prior to version 2023.05.4 are vulnerable to this issue. The
vulnerability was originally discovered by SonarSource, and the Metasploit
module was developed by Rapid7’s Principal Security Researcher Stephen Fewer who
additionally published a technical analysis on AttackerKB for CVE-2023-4279
Metasploit Weekly Wrap-Up: Jun. 16, 2023
Metasploit T-Shirt Design Contest
In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition
t-shirts, and we're inviting members of our community to have a hand in their
creation. The contest winner will have their design featured on the shirts,
which will then be available to pick up at Black Hat 2023.
We will be accepting submissions from now through June 30! Contest details,
design guidelines, and submission instructions here
[https://docs.google.com/forms/d/e/1FAIpQLSeWU
Metasploit Wrap-Up: May 12, 2023
New modules for Zyxel Router RCE, Pentaho Business Server Auth Bypass, ManageEngine ADAudit authenticated file write RCE, and HTTPTrace functionality added to scanner modules
Metasploit Weekly Wrap-Up: Mar. 31, 2023
5 new modules including Windows 11 WinSock Priv Esc, SolarWinds Information Service (SWIS) RCE and AMQP Support
Metasploit Framework 6.3 Released
Metasploit Framework 6.3 is now available. New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
Metasploit Weekly Wrap-Up: 11/11/22
ADCS - ESC Vulnerable certificate template finder
Our very own Grant Willcox has developed a new module which allows users to
query an LDAP server for vulnerable Active Directory Certificate Services (AD CS)
certificate templates. The module prints the details of each detected template
and the attack it is susceptible to. It is capable of checking for templates
vulnerable to ESC1, ESC2, and ESC3.
Example module output showing an identified vulnerable certificate template:
msf6 auxiliar
Metasploit Wrap-Up: 8/19/22
Advantech iView NetworkServlet Command Injection
This week Shelby Pace [https://github.com/space-r7] has developed a new exploit
module for CVE-2022-2143
[https://attackerkb.com/topics/XYFOEYsgKa/cve-2022-2143?referrer=blog]. This
module uses an unauthenticated command injection vulnerability to gain remote
code execution against vulnerable versions of Advantech iView software below
5.7.04.6469. The software runs as NT AUTHORITY\SYSTEM, granting the module user
unauthenticated privileged access
Announcing Metasploit 6.2
Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes.
Metasploit Weekly Wrap-Up: 5/27/22
PetitPotam Improvements
Metasploit’s Ruby support has been updated to allow anonymous authentication to
SMB servers. This is notably useful while exploiting the PetitPotam
vulnerability with Metasploit, which can be used to coerce a Domain Controller
to send an authentication attempt over SMB to other machines via MS-EFSRPC
methods:
msf6 auxiliary(scanner/dcerpc/petitpotam) > run 192.168.159.10
[*] 192.168.159.10:445 - Binding to c681d488-d850-11d0-8c52-00c04fd90f7e:1.0@ncacn_np:192.168.159